Kibana 5.6 Tile-map not showing results

atira · March 12, 2018, 4:19pm

I'm new to the whole ELK stack, progressing slowly but passionately.
I'm having problems producing tile-map results. I've configured Logstash to use geoip:

    geoip {
            source => "client_ip"
    }

I've put the following into the custom template I'm using for my indices.

  "geoip" : {
    "dynamic" : true,
    "properties" : {
      "ip" : {
        "type" : "ip"
      },
      "location" : {
        "type" : "geo_point"
      },
      "latitude" : {
        "type" : "half_float"
      },
      "longitude" : {
        "type" : "half_float"
      }
    }
  }

What I can see is that I do get the data for each Apache event, for example:

  geoip.location.lat: 48.1
  geoip.location.lon: 20.783

When I try to visualize it, I get no results (using a saved search and proper time frame).
I'm using Aggregation: Geohash and field: location

One more thing I noticed: Logstash created an ES template called "logstash" while in its configuration it's clearly stated it should use a defined index.

  output {
          elasticsearch {
                  hosts => [ "localhost:9200" ]
                  index => "apache-request-%{+YYYY.MM}"
                  document_id => "%{fingerprint}"
                  action => "create"
          }
  }

What am I missing?

atira · March 12, 2018, 4:54pm

I managed to find it myself
I put the geoip settings not under but outside of mappings in the ES template.
Now results are visible.

Brandon_Kobel · March 12, 2018, 5:07pm

I'm glad you got it working @atira, thanks for sharing your solution here for others!

system · April 9, 2018, 5:07pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.